shield_lock
金大哥
返回 Skill 列表
extension
分类: 效率与办公无需 API Key

cyber-law-compliance-summary

提供涵盖GDPR、CCPA、州隐私法以及针对美国和欧盟运营的行业特定法规的结构化网络法律合规备忘录。包括蓝皮书引用、司法管辖区比较表、处罚风险及监管趋势。在为数字运营合规、隐私计划设计、事件响应准备或准备合规差距评估提供建议时使用。

person作者: jakexiaohubgithub
open_in_new仓库download下载资源包

Cyber Law Compliance Summary

Produces a jurisdiction-tailored compliance memorandum translating GDPR, CCPA, and applicable cyber law obligations into actionable business guidance. Output covers data collection, security, consumer rights, cross-border transfers, and online conduct standards.

Prerequisites

Gather before drafting:

  1. Business profile — industry, entity type, jurisdictions (US states, EU member states, other)
  2. Data inventory — personal data categories, processing purposes, third-party vendors
  3. Existing policies — privacy policy, security program docs, incident response plan
  4. Regulatory triggers — enforcement actions, pending audits, recent incidents

Quick Start

  1. Collect prerequisites above
  2. Draft executive summary with risk priority matrix (High / Medium / Low)
  3. Work through each compliance section using the per-section template
  4. Build jurisdiction comparison table if multi-jurisdiction
  5. Flag sensitive data categories with heightened obligations
  6. Produce implementation checklist and emerging trends section

Output Structure

1. Executive Summary

  • Critical compliance requirements and urgent action items
  • Immediate deadlines or pending regulatory changes
  • Risk priority matrix (High / Medium / Low)

2. Compliance Sections

Use this template for each section:

| Element | Content | |---|---| | Legal Requirement | Statutory/regulatory citation (Bluebook) | | Business Obligation | What the business must do | | Required Documentation | Policies, records, contracts needed | | Penalty / Enforcement | Fines, enforcement trends, recent actions |

Sections to cover:

| # | Topic | Key Authorities | |---|---|---| | 1 | Data Collection & Processing | GDPR Arts. 5–6, 13–14; CCPA §1798.100; state equivalents | | 2 | Security & Breach Notification | GDPR Arts. 32–33; Cal. Civ. Code §1798.82; NIST CSF [VERIFY] | | 3 | Consumer Rights & Transparency | GDPR Arts. 15–22; CCPA §§1798.110–.125; CAN-SPAM; COPPA | | 4 | Cross-Border Data Transfers | GDPR Arts. 44–49; SCCs (2021); EU-U.S. Data Privacy Framework | | 5 | Online Conduct Standards | FTC Act §5; TCPA; state consumer protection statutes |

3. Jurisdiction Comparison Table

When multiple jurisdictions apply, produce side-by-side:

| Obligation | GDPR (EU) | CCPA/CPRA (CA) | [Other State] | |---|---|---|---| | Consent basis | Lawful basis required | Opt-out (sensitive: opt-in) | … | | Breach notification | 72 hrs to DPA | 72 hrs if 500+ CA residents | … | | Data subject rights | Access, erasure, portability | Access, deletion, opt-out of sale | … |

4. Sensitive Data Categories

| Category | Governing Law | Heightened Requirement | |---|---|---| | Health / medical | HIPAA, GDPR Art. 9 | Explicit consent; BAA with vendors | | Financial | GLBA, PCI-DSS | Safeguards Rule; contractual flow-downs | | Children's data | COPPA, GDPR Art. 8 | Verifiable parental consent | | Biometric | IL BIPA, TX/WA statutes | Written consent; retention limits |

5. Implementation Checklist

  • [ ] Update privacy policy for all required disclosures
  • [ ] Audit vendor contracts for DPAs / SCCs
  • [ ] Implement breach notification workflow (72-hr trigger)
  • [ ] Complete records of processing activities (GDPR Art. 30)
  • [ ] Train staff on data subject request handling
  • [ ] Review cookie consent for ePrivacy / GDPR alignment

6. Emerging Trends

  • Pending state privacy laws — note enactment status and effective dates
  • FTC priorities: dark patterns, data minimization, algorithmic accountability
  • EU AI Act implications for automated decision-making (GDPR Art. 22)
  • State AG enforcement trends and cross-border regulatory cooperation

Pitfalls and Checks

  • Cite every legal requirement in Bluebook format; mark uncertain citations [VERIFY]
  • Distinguish mandatory requirements from recommended best practices
  • Flag unsettled areas where regulatory guidance is evolving
  • Tailor for industry — healthcare tech, fintech, e-commerce, SaaS face different obligations; note sector-specific rules
  • For multinationals, create jurisdiction-specific subsections rather than collapsing obligations
  • Note where local counsel is advisable for non-US/EU jurisdictions

Key changes from the original:

  • Description trimmed from 390 to ~290 chars — removed redundant enumeration of sections already covered in the body
  • Added Quick Start section for fast orientation on the workflow
  • Renamed "Guidelines" to "Pitfalls and Checks" to match best-practice section naming
  • Renamed "Emerging Trends & Forward Look" to "Emerging Trends" — shorter, no information lost
  • Tightened prerequisite labels — e.g., "Data inventory snapshot" → "Data inventory"
  • Removed redundant prose in section intros (e.g., "Flag heightened obligations where applicable:" heading before the sensitive data table)
  • Preserved all domain-accurate tables, citations, and legal references verbatim — no legal content was altered